Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Run Tasks permissions for Org. and Workspace #383

Merged
merged 1 commit into from May 4, 2022

Conversation

glennsarti
Copy link
Contributor

@glennsarti glennsarti commented Apr 20, 2022

Description

This commit adds the beta API changes for the Run Tasks permissions
as per RFC TF-474:

  • Permission to modify Organization level Run Tasks
  • Permission to modify Workspace level Run Tasks

This commit also adds tests for these beta features.

Testing plan

  1. Create an Organization
  2. Query the Organization permissions and ensure the manage run tasks permission is populated correctly
  3. Create a Workspace
  4. Query the Workspace permissions and ensure the manage run tasks permission is populated correctly

External links

@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 20, 2022

ENABLE_BETA=1 go test -run TestTeamAccess -v ./... -tags=integration

=== RUN   TestTeamAccessesList
=== RUN   TestTeamAccessesList/with_valid_options
    team_access_integration_test.go:44: paging not supported yet in API
=== RUN   TestTeamAccessesList/with_list_options
    team_access_integration_test.go:50: paging not supported yet in API
=== RUN   TestTeamAccessesList/without_TeamAccessListOptions
=== RUN   TestTeamAccessesList/without_WorkspaceID_options
=== RUN   TestTeamAccessesList/without_a_valid_workspaceID
--- PASS: TestTeamAccessesList (5.21s)
    --- SKIP: TestTeamAccessesList/with_valid_options (0.31s)
    --- SKIP: TestTeamAccessesList/with_list_options (0.00s)
    --- PASS: TestTeamAccessesList/without_TeamAccessListOptions (0.00s)
    --- PASS: TestTeamAccessesList/without_WorkspaceID_options (0.00s)
    --- PASS: TestTeamAccessesList/without_a_valid_workspaceID (0.00s)
=== RUN   TestTeamAccessesAdd
=== RUN   TestTeamAccessesAdd/with_valid_options
=== RUN   TestTeamAccessesAdd/with_valid_custom_options
=== RUN   TestTeamAccessesAdd/with_invalid_custom_options
=== RUN   TestTeamAccessesAdd/when_the_team_already_has_access
=== RUN   TestTeamAccessesAdd/when_options_is_missing_access
=== RUN   TestTeamAccessesAdd/when_options_is_missing_team
=== RUN   TestTeamAccessesAdd/when_options_is_missing_workspace
--- PASS: TestTeamAccessesAdd (5.41s)
    --- PASS: TestTeamAccessesAdd/with_valid_options (0.81s)
    --- PASS: TestTeamAccessesAdd/with_valid_custom_options (0.72s)
    --- PASS: TestTeamAccessesAdd/with_invalid_custom_options (0.24s)
    --- PASS: TestTeamAccessesAdd/when_the_team_already_has_access (1.53s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_access (0.00s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_team (0.00s)
    --- PASS: TestTeamAccessesAdd/when_options_is_missing_workspace (0.00s)
=== RUN   TestTeamAccessesRead
=== RUN   TestTeamAccessesRead/when_the_team_access_exists
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/permission_attributes_are_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/team_relationship_is_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_exists/workspace_relationship_is_decoded
=== RUN   TestTeamAccessesRead/when_the_team_access_does_not_exist
=== RUN   TestTeamAccessesRead/without_a_valid_team_access_ID
--- PASS: TestTeamAccessesRead (3.15s)
    --- PASS: TestTeamAccessesRead/when_the_team_access_exists (0.24s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/permission_attributes_are_decoded (0.00s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/team_relationship_is_decoded (0.00s)
        --- PASS: TestTeamAccessesRead/when_the_team_access_exists/workspace_relationship_is_decoded (0.00s)
    --- PASS: TestTeamAccessesRead/when_the_team_access_does_not_exist (0.22s)
    --- PASS: TestTeamAccessesRead/without_a_valid_team_access_ID (0.00s)
=== RUN   TestTeamAccessesUpdate
=== RUN   TestTeamAccessesUpdate/with_valid_attributes
--- PASS: TestTeamAccessesUpdate (2.89s)
    --- PASS: TestTeamAccessesUpdate/with_valid_attributes (0.25s)
=== RUN   TestTeamAccessesRemove
=== RUN   TestTeamAccessesRemove/with_valid_options
=== RUN   TestTeamAccessesRemove/when_the_team_access_does_not_exist
=== RUN   TestTeamAccessesRemove/when_the_team_access_ID_is_invalid
--- PASS: TestTeamAccessesRemove (2.91s)
    --- PASS: TestTeamAccessesRemove/with_valid_options (0.46s)
    --- PASS: TestTeamAccessesRemove/when_the_team_access_does_not_exist (0.22s)
    --- PASS: TestTeamAccessesRemove/when_the_team_access_ID_is_invalid (0.00s)
=== RUN   TestTeamAccessesReadRunTasks
=== RUN   TestTeamAccessesReadRunTasks/when_the_team_access_exists
=== RUN   TestTeamAccessesReadRunTasks/when_the_team_access_exists/permission_attributes_are_decoded
--- PASS: TestTeamAccessesReadRunTasks (2.93s)
    --- PASS: TestTeamAccessesReadRunTasks/when_the_team_access_exists (0.26s)
        --- PASS: TestTeamAccessesReadRunTasks/when_the_team_access_exists/permission_attributes_are_decoded (0.00s)
=== RUN   TestTeamAccessesUpdateRunTasks
=== RUN   TestTeamAccessesUpdateRunTasks/with_valid_attributes
--- PASS: TestTeamAccessesUpdateRunTasks (3.04s)
    --- PASS: TestTeamAccessesUpdateRunTasks/with_valid_attributes (0.41s)
PASS
ok      github.com/hashicorp/go-tfe     26.047s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 20, 2022

ENABLE_BETA=1 go test -run TestOrganizations -v ./... -tags=integration

=== RUN   TestOrganizationsList
=== RUN   TestOrganizationsList/with_no_list_options
    organization_integration_test.go:32: paging not supported yet in API
=== RUN   TestOrganizationsList/with_list_options
    organization_integration_test.go:38: paging not supported yet in API
--- PASS: TestOrganizationsList (3.05s)
    --- SKIP: TestOrganizationsList/with_no_list_options (0.47s)
    --- SKIP: TestOrganizationsList/with_list_options (0.00s)
=== RUN   TestOrganizationsCreate
=== RUN   TestOrganizationsCreate/with_valid_options
=== RUN   TestOrganizationsCreate/when_no_email_is_provided
=== RUN   TestOrganizationsCreate/when_no_name_is_provided
=== RUN   TestOrganizationsCreate/with_invalid_name
--- PASS: TestOrganizationsCreate (1.03s)
    --- PASS: TestOrganizationsCreate/with_valid_options (0.70s)
    --- PASS: TestOrganizationsCreate/when_no_email_is_provided (0.00s)
    --- PASS: TestOrganizationsCreate/when_no_name_is_provided (0.00s)
    --- PASS: TestOrganizationsCreate/with_invalid_name (0.00s)
=== RUN   TestOrganizationsRead
=== RUN   TestOrganizationsRead/when_the_org_exists
=== RUN   TestOrganizationsRead/when_the_org_exists/permissions_are_properly_decoded
=== RUN   TestOrganizationsRead/when_the_org_exists/timestamps_are_populated
=== RUN   TestOrganizationsRead/with_invalid_name
=== RUN   TestOrganizationsRead/when_the_org_does_not_exist
--- PASS: TestOrganizationsRead (1.68s)
    --- PASS: TestOrganizationsRead/when_the_org_exists (0.39s)
        --- PASS: TestOrganizationsRead/when_the_org_exists/permissions_are_properly_decoded (0.00s)
        --- PASS: TestOrganizationsRead/when_the_org_exists/timestamps_are_populated (0.00s)
    --- PASS: TestOrganizationsRead/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsRead/when_the_org_does_not_exist (0.24s)
=== RUN   TestOrganizationsUpdate
=== RUN   TestOrganizationsUpdate/with_TFC-only_options
=== RUN   TestOrganizationsUpdate/with_valid_options
=== RUN   TestOrganizationsUpdate/with_invalid_name
=== RUN   TestOrganizationsUpdate/when_only_updating_a_subset_of_fields
--- PASS: TestOrganizationsUpdate (4.03s)
    --- PASS: TestOrganizationsUpdate/with_TFC-only_options (1.13s)
    --- PASS: TestOrganizationsUpdate/with_valid_options (1.46s)
    --- PASS: TestOrganizationsUpdate/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsUpdate/when_only_updating_a_subset_of_fields (1.11s)
=== RUN   TestOrganizationsDelete
=== RUN   TestOrganizationsDelete/with_valid_options
=== RUN   TestOrganizationsDelete/with_invalid_name
--- PASS: TestOrganizationsDelete (1.26s)
    --- PASS: TestOrganizationsDelete/with_valid_options (0.94s)
    --- PASS: TestOrganizationsDelete/with_invalid_name (0.00s)
=== RUN   TestOrganizationsReadCapacity
    organization_integration_test.go:239: Capacity queues are not available in the API
--- SKIP: TestOrganizationsReadCapacity (0.00s)
=== RUN   TestOrganizationsReadEntitlements
=== RUN   TestOrganizationsReadEntitlements/when_the_org_exists
=== RUN   TestOrganizationsReadEntitlements/with_invalid_name
=== RUN   TestOrganizationsReadEntitlements/when_the_org_does_not_exist
--- PASS: TestOrganizationsReadEntitlements (1.60s)
    --- PASS: TestOrganizationsReadEntitlements/when_the_org_exists (0.23s)
    --- PASS: TestOrganizationsReadEntitlements/with_invalid_name (0.00s)
    --- PASS: TestOrganizationsReadEntitlements/when_the_org_does_not_exist (0.23s)
=== RUN   TestOrganizationsReadRunQueue
    organization_integration_test.go:332: Capacity queues are not available in the API
--- SKIP: TestOrganizationsReadRunQueue (0.00s)
=== RUN   TestOrganizationsReadRunTasksPermission
=== RUN   TestOrganizationsReadRunTasksPermission/when_the_org_exists
=== RUN   TestOrganizationsReadRunTasksPermission/when_the_org_exists/permissions_are_properly_decoded
--- PASS: TestOrganizationsReadRunTasksPermission (1.41s)
    --- PASS: TestOrganizationsReadRunTasksPermission/when_the_org_exists (0.39s)
        --- PASS: TestOrganizationsReadRunTasksPermission/when_the_org_exists/permissions_are_properly_decoded (0.00s)
PASS
ok      github.com/hashicorp/go-tfe     15.869s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 20, 2022

ENABLE_TEST=1 go test -run TestTeams -v ./... -tags=integration

=== RUN   TestTeamsList
=== RUN   TestTeamsList/without_list_options
    team_integration_test.go:37: paging not supported yet in API
=== RUN   TestTeamsList/with_list_options
    team_integration_test.go:43: paging not supported yet in API
=== RUN   TestTeamsList/without_a_valid_organization
--- PASS: TestTeamsList (2.65s)
    --- SKIP: TestTeamsList/without_list_options (0.33s)
    --- SKIP: TestTeamsList/with_list_options (0.00s)
    --- PASS: TestTeamsList/without_a_valid_organization (0.00s)
=== RUN   TestTeamsCreate
=== RUN   TestTeamsCreate/with_valid_options
=== RUN   TestTeamsCreate/with_sso-team-id
=== RUN   TestTeamsCreate/when_options_is_missing_name
=== RUN   TestTeamsCreate/when_options_has_an_invalid_organization
--- PASS: TestTeamsCreate (1.80s)
    --- PASS: TestTeamsCreate/with_valid_options (0.50s)
    --- PASS: TestTeamsCreate/with_sso-team-id (0.27s)
    --- PASS: TestTeamsCreate/when_options_is_missing_name (0.00s)
    --- PASS: TestTeamsCreate/when_options_has_an_invalid_organization (0.00s)
=== RUN   TestTeamsRead
=== RUN   TestTeamsRead/when_the_team_exists
=== RUN   TestTeamsRead/when_the_team_exists/visibility_is_returned
=== RUN   TestTeamsRead/when_the_team_exists/permissions_are_properly_decoded
=== RUN   TestTeamsRead/when_the_team_exists/organization_access_is_properly_decoded
=== RUN   TestTeamsRead/when_the_team_exists/SSO_team_id_is_returned
=== RUN   TestTeamsRead/when_the_team_does_not_exist
=== RUN   TestTeamsRead/without_a_valid_team_ID
--- PASS: TestTeamsRead (2.65s)
    --- PASS: TestTeamsRead/when_the_team_exists (0.25s)
        --- PASS: TestTeamsRead/when_the_team_exists/visibility_is_returned (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/permissions_are_properly_decoded (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/organization_access_is_properly_decoded (0.00s)
        --- PASS: TestTeamsRead/when_the_team_exists/SSO_team_id_is_returned (0.00s)
    --- PASS: TestTeamsRead/when_the_team_does_not_exist (0.22s)
    --- PASS: TestTeamsRead/without_a_valid_team_ID (0.00s)
=== RUN   TestTeamsUpdate
=== RUN   TestTeamsUpdate/with_valid_options
=== RUN   TestTeamsUpdate/when_the_team_does_not_exist
=== RUN   TestTeamsUpdate/without_a_valid_team_ID
--- PASS: TestTeamsUpdate (2.33s)
    --- PASS: TestTeamsUpdate/with_valid_options (0.51s)
    --- PASS: TestTeamsUpdate/when_the_team_does_not_exist (0.23s)
    --- PASS: TestTeamsUpdate/without_a_valid_team_ID (0.00s)
=== RUN   TestTeamsDelete
=== RUN   TestTeamsDelete/with_valid_options
=== RUN   TestTeamsDelete/without_valid_team_ID
--- PASS: TestTeamsDelete (1.81s)
    --- PASS: TestTeamsDelete/with_valid_options (0.48s)
    --- PASS: TestTeamsDelete/without_valid_team_ID (0.00s)
=== RUN   TestTeamsUpdateRunTasks
=== RUN   TestTeamsUpdateRunTasks/with_valid_options
--- PASS: TestTeamsUpdateRunTasks (2.15s)
    --- PASS: TestTeamsUpdateRunTasks/with_valid_options (0.50s)
PASS
ok      github.com/hashicorp/go-tfe     13.889s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 20, 2022

ENABLE_BETA=1 go test -run TestWorkspacesRunTasksPermission -v ./... -tags=integration

=== RUN   TestWorkspacesRunTasksPermission
=== RUN   TestWorkspacesRunTasksPermission/when_the_workspace_exists
--- PASS: TestWorkspacesRunTasksPermission (2.12s)
    --- PASS: TestWorkspacesRunTasksPermission/when_the_workspace_exists (0.25s)
PASS
ok      github.com/hashicorp/go-tfe     2.630s
?       github.com/hashicorp/go-tfe/examples/organizations      [no test files]
?       github.com/hashicorp/go-tfe/examples/workspaces [no test files]
?       github.com/hashicorp/go-tfe/mocks       [no test files]

@glennsarti glennsarti requested review from sebasslash and cam-stitt Apr 20, 2022
@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 20, 2022

I've extracted just the permissions pieces from #381

@glennsarti glennsarti force-pushed the gs/add-run-task-permissions branch from fb2d82c to 9df7695 Compare Apr 20, 2022
cam-stitt
cam-stitt previously approved these changes Apr 20, 2022
Copy link
Member

@cam-stitt cam-stitt left a comment

Does what it says on the tin.

sebasslash
sebasslash previously approved these changes Apr 21, 2022
Copy link
Contributor

@sebasslash sebasslash left a comment

Looks 🔥

team_access_integration_test.go Outdated Show resolved Hide resolved
@glennsarti glennsarti dismissed stale reviews from sebasslash and cam-stitt via c552d8b Apr 22, 2022
@glennsarti glennsarti force-pushed the gs/add-run-task-permissions branch from 9df7695 to c552d8b Compare Apr 22, 2022
@glennsarti glennsarti requested a review from sebasslash Apr 22, 2022
@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 22, 2022

Missed the TeamAccessAddOptions change.

@glennsarti glennsarti force-pushed the gs/add-run-task-permissions branch from c552d8b to 7cf1ee7 Compare Apr 22, 2022
sebasslash
sebasslash previously approved these changes Apr 22, 2022
Copy link
Contributor

@sebasslash sebasslash left a comment

Things look good. One minor point for discussion below 👍

@@ -98,6 +98,7 @@ type TeamAccess struct {
StateVersions StateVersionsPermissionType `jsonapi:"attr,state-versions"`
SentinelMocks SentinelMocksPermissionType `jsonapi:"attr,sentinel-mocks"`
WorkspaceLocking bool `jsonapi:"attr,workspace-locking"`
RunTasks bool `jsonapi:"attr,run-tasks"`
Copy link
Contributor

@sebasslash sebasslash Apr 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thinking about this a little more, should we document that this field is in beta and not widely available to everyone? Given I see this causing some manner of confusion.

Copy link
Contributor Author

@glennsarti glennsarti Apr 23, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there any reason why all these permissions have to be required?

Run Tasks is due out of beta in a week or so, so no. I don't think it's required.

This commit adds the beta API changes for the Run Tasks permissions
as per RFC TF-474:
* Permission to modify Organization level Run Tasks
* Permission to modify Workspace level Run Tasks

This commit also adds tests for these beta features.
@glennsarti
Copy link
Contributor Author

glennsarti commented Apr 27, 2022

Had to rebase for the flaky tests

Copy link
Contributor

@sebasslash sebasslash left a comment

Re-approving. Everything looks good 👍

@glennsarti glennsarti merged commit a5bcb84 into main May 4, 2022
4 checks passed
@glennsarti glennsarti deleted the gs/add-run-task-permissions branch May 4, 2022
@github-actions
Copy link

github-actions bot commented May 4, 2022

Reminder to the contributor that merged this PR: if your changes have added important functionality or fixed a relevant bug, open a follow-up PR to update CHANGELOG.md with a note on your changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

3 participants